Aussie mining tech firm counts cost of Chinese hacking

The damage an attack can do to your bottom line.

Hackers steal US$160 billion worth of intellectual property from Western companies every year, according to cyber security experts.

The damage, they say, is incalculable and Western governments have made it a priority to protect their nations' commercial assets.

But try telling that to Donald McGurk, chief executive of Australian communications, metal detection and mining technology firm Codan, who has watched sales and prices of his firm's metal detectors collapse since Chinese hackers stole its designs three years ago to sell cheap imitations into Africa.

With the Australian government wary of rocking the boat ahead of this month's historic signing of a free trade deal, McGurk says he was forced to hire a private investigative firm in China to stage a series of raids on counterfeit factories.

"They said you're on your own," McGurk said, referring to the Australian government officials he lobbied to help with his problem. The Australian government did not immediately respond to queries about Codan.

Codan's experience provides a rare look at the longer-term impacts of hacking on companies, as most keep the extent of an incident under wraps.

In fact, experts say many firms continue to turn a blind eye to cybersecurity even as hackers become increasingly sophisticated.

A PricewaterhouseCoopers report found the average information security budget dropped 4 percent to US$4.1 million last year, reversing a three-year trend of rising funds to tackle cybercrime. The drop came even as the total number of detected security incidents jumped 48 percent to 42.8 million globally, PwC said.

Bryce Boland, chief technology officer for Asia at cyber security firm FireEye, said many companies are too focused on the reverse engineering capabilities of Chinese companies, which allow them to copy products within weeks of their public launch.

"They may be good at reverse engineering but they're much better at just getting the plans during the development phase (via hacking) and leveraging those immediately," Boland said.

Counterfeit gold rush

Codan began to realise it had a problem when it started receiving faulty metal detectors back into its services centre in 2011. Those products, stamped with the Codan logo, had unrecognisable, inferior parts.

Then the Australian Security Intelligence Organisation (ASIO) came knocking: a Codan employee's laptop had been hacked into when he logged on using hotel wifi during a business trip to China.

With an African gold rush underpinning demand for the metal detectors, Codan's blueprints had been filched by a Chinese manufacturing chain.

McGurk asked the Australian government for help, requesting they speak to Chinese authorities, but discovered his company was on its own. McGurk believes a landmark free trade deal with China, recently signed after more than a decade of negotiations, was responsible.

"No one wants to muddy the waters by putting in play something that's negative," he said.

The company instead spent "significant sums" on private investigators, who worked with Chinese police to track the supply chain of the counterfeit metal detectors.

They discovered it led to Dubai, where police raids found "significant" numbers of counterfeit gold detectors in storage, en route to Sudan, Guinea and Niger.

China meted out jail terms of up to two years for the principals of three first-tier manufacturing companies in the supply chain, while Dubai fined several players around A$5000 each, McGurk said.

Codan, meanwhile, was forced to slash the price of its gold detectors from around A$4000-A$5000 to around A$2500 to compete with the counterfeiters.

The company's net profit fell to A$9.2 million in the year to June 30, 2014, from A$45 million a year earlier as a result.

Behind these public state-level spats, many companies are fighting a quieter battle where the front keeps changing.

FireEye said it uncovered a hacking campaign in June by a China-based group it calls APT3, targeting organisations in the aerospace and defense, construction and engineering, high tech, telecommunications and transportation industries.

APT3's phishing attacks are especially successful because the group constantly changes online identities, making it difficult to track, FireEye said.

Meanwhile, Codan is ramping up its defences.

The Adelaide-based company is introducing encrypted products, employs around four people to work full-time on preventing hacking-led counterfeiting and has an Australian lawyer whose sole role is to coordinate those efforts.

"I don't think you could ever presume it's behind you, but now we're in a position to understand what's happened," McGurk said.
